Drop privileges in worker processes.

Accepting connections and handshaking in secondary is still done before dropping privileges. It should be implemented by only accepting connections in privileged main process and passing connection descriptors to the worker, but is not implemented yet. MFC after: 1 week
svn path=/head/; revision=218049
2011-01-28 22:35:46 +00:00 · 2011-01-28 22:35:46 +00:00 · 6d7967de8a · 2020-12-20 02:59:44 +00:00
commit 6d7967de8a
parent 49499e981e
2 changed files with 8 additions and 0 deletions
--- a/sbin/hastd/primary.c
+++ b/sbin/hastd/primary.c
@ -847,6 +847,11 @@ hastd_primary(struct hast_resource *res)
 	init_ggate(res);
 	init_environment(res);

+	if (drop_privs() != 0) {
+		cleanup(res);
+		exit(EX_CONFIG);
+	}
+
 	/*
 	 * Create the guard thread first, so we can handle signals from the
 	 * very begining.
--- a/sbin/hastd/secondary.c
+++ b/sbin/hastd/secondary.c
@ -413,6 +413,9 @@ hastd_secondary(struct hast_resource *res, struct nv *nvin)
 	init_local(res);
 	init_environment();

+	if (drop_privs() != 0)
+		exit(EX_CONFIG);
+
 	/*
 	 * Create the control thread before sending any event to the parent,
 	 * as we can deadlock when parent sends control request to worker,